45. What is Structured Threat Information Expression (STIX) and why are information security policies and procedures so important today, and do you offer comprehensive I.T. security documentation?

The Structured Threat Information Expression (STIX) is a community driven platform for defining and developing a standardized language for purposes of representing structured cyber threat information. Because organizations today face enormous cyber threat challenges and issues, STIX aims to put forth and tie together a common, structured representation of information, such as the following:

  • Cyber Observables (i.e., meaningful patterns of potential observations that may indicate some sort of relevant event or state).
  • Indicators
  • Incidents
  • Adversary Tactics, Techniques, and Procedures (i.e., attack patterns, malware, exploits, etc.)
  • Exploit Targets (i.e., vulnerabilities and weaknesses)
  • Course of Action
  • Cyber Attack Campaigns and Cyber Threat Initiatives

Moreover, STIX is actually a U.S. Department of Homeland Security led effort of the office of Cybersecurity and Communications. MITRE, operating as DHS’s Federally Funded Research and Development Centers (FFRDC), actually manages the STIX website at http://stix.mitre.org/.

The Importance of Information Security Policies and Procedures

STIX can be an extremely useful platform for today’s security conscious I.T. professionals, such as those who truly believe in ensuring the confidentiality, integrity, and availability (CIA) of one’s entire information systems network. But STIX also exposes the critical importance of documented operational and information security policies and procedures, such as the FLANK21 set of documents offered by FLANK. With literally hundreds of templates to choose from, I.T. professionals will have access to essential security documentation, such as incident response policies, security awareness training templates, anti-malware solutions, provisioning and hardening documents, and so many others. 

Information Security Policies and Procedures are a Must for Cyber Security and Compliance

Cyber security threats are serious, growing every day - constituting one of the biggest challenges facing organizations today. Platforms such as STIX are essential for helping ensure the safety and security of today’s critical I.T. landscapes, along with documented operational and information security policies and procedures offered by FLANK. Moreover, don’t forget the ever-growing regulatory compliance laws, legislation, and industry specific directive being placed on businesses today – they all share one very common trait – the need for documented, enterprise-wide information security policies and procedures. Trust FLANK and the FLANK21 set of policies, procedures, forms, checklists, template, provisioning and hardening documents – and more.